Hashing Passwords

May 5, 2018

Last October I made a utility website passwordhashing.com, it takes plain text and converts it into one of BCrypt, PBKDF2, SHA1, SHA256, SHA384 or SHA512.

It’s not a high traffic site, but what’s interesting is that 94% of the requests are for bcrypt hashes. What’s not clear is why. I’d like to think that bcrypt is now the more popular hashing algorithm, it’s a happy thought, but I can’t claim this site is big enough to evidence that. I suspect the reality is that someone has linked to the tool from a forum where someone needed a bcrypt hash to reset an admin password in magento, or some other cms tool. ¯\(ツ)/¯. Here’s the breakdown of requests:

Url % of Views
/ 1.26%
/BCrypt 94.11%
/PBKDF2 1.69%
/SHA1 1.14%
/SHA256 0.72%
/SHA384 0.26%
/SHA512 0.79%
/translate_c 0.03%

TIL the /translate_c url is because someone is mirroring my site in another language.

Discussion, links, and tweets

comments powered by Disqus

I'm a developer at Purplebricks and I sporadicaly tweet here. These posts in no way represent the views of my employeer.